TL;DR APT28's Operation MacroMaze uses macro-laced Office docs and legitimate webhook services to exfiltrate data undetected. Here's how it works and why your defenses are probably missing it. Alright, pull up a chair, because this one is actually clever — which is more than I can say for most of the brain-dead ransomware slop I … Continue reading APT28 Operation MacroMaze and how Russia’s Sneakiest Phishing Campaign Just Got Documented